
The lurking menace in Guam: New threat to homeland security and what to do about it 

By Mar-Vic Cagurangan and Naina Rao

The landscape of digital threats is ever-evolving, compounding the labyrinthian nature of the technologies that we have come to depend on. And for Guam, cybersecurity transcends domestic scope. The island is particularly vulnerable to cyberattacks by nefarious elements, considering its strategic role in homeland defense.


“Guam is the gateway to national security. And there's a lot of attention here, along with what's happening with the geopolitical environment in Taiwan and China,” Gov. Lou Leon Guerrero said.

Volt Typhoon, which attacked Guam at the height of Typhoon Mawar in May, stands out as a stark reminder of the burgeoning cyber threats. “This advanced, persistent threat employs sophisticated tactics, techniques and procedures, including the living off the land strategy, which makes it particularly insidious,” said Frank Lujan, the government of Guam’s chief technology officer.

Lujan noted that Volt Typhoon, China’s state-sanctioned hacker, revealed its ability to operate within existing infrastructure, hiding in plain sight, lurking and blending into normal environments, making it a formidable challenge to detect, let alone mitigate.

Gov. Lou Leon Guerrero speaks at the 2024 Central Pacific Cybersecurity Summit hosted by the Guam National Guard at the University of Guam on Nov. 6, 2023. Photo courtesy of U.S. National Guard/Mark Scott

Cybersecurity is a multifaceted challenge involving interconnected digital infrastructure, highly motivated cybercriminals and a diverse range of threats. Technological advancements and the prevalence of connected devices add further complexity, necessitating continuous adaptation and the use of cutting-edge strategies and tools.

But even cybersecurity experts are unable to paint the complete picture. It remains unclear if Volt Typhoon was involved in the cyberattacks on Guam Memorial Hospital and Docomo Pacific, which caused an internet outage in March.

“It is much more complex. How they got in is actually more organic. It is just something that is there that is taken advantage of,” Lujan said. “Other than knowing that there were areas within Guam that affected our infrastructure, we have no evidence yet that we hadn't been penetrated.”

At the heart of the problem is the deficit in full comprehension of the complexity of cybersecurity and how it works. “It is very difficult to detect. We just know that it's there,” Lujan said. “Where it is—that's kind of the big question. Right now, we have everything, all the tools in place, to try and look for those indicators of compromise. But at this point, we still don't see it.”


In a report released on the day Typhoon Mawar hit Guam, Microsoft said it had uncovered “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.

“The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” Microsoft said.

Lt. Col. Bumjin Park, chief information officer for the Guam Guard, agreed that the Volt Typhoon offensive was a highly sophisticated operation that used “built-in Microsoft tools that clutter TV and internet, making it difficult to detect.” “So, it's a costly experience with that situation,” he said.

The only clear thing is the vulnerability and weaknesses of Guam’s cybersecurity program, according to Leon Guerrero.

Cybersecurity experts have held a series of cyber conferences on Guam to “solidify and prevent future cyberattacks.” At the 2024 Central Pacific Cybersecurity Summit hosted by the Guam National Guard from Nov. 6 to 7, more than a hundred cybersecurity stakeholders gathered at the University of Guam.


The Department of Defense earlier acknowledged that the malicious computer code installed by state-sponsored Chinese hackers could disrupt U.S. defense operations on military bases. The Microsoft report said Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.

“What we want to do is protect and make a solid plan and solid actions to strengthen our cyber deterrence,” the governor said. “Integrated deterrence is a watchword over at Indo-Pacific Command. This is the work we are doing here today. I am optimistic about the future of our island, one that doesn't fear the digital age, but one that embraces it.”

The latest cybersecurity conference saw the gathering of representatives from the U.S. Indo-Pacific Command, National Guard Bureau, U.S. Cyber Command, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, public utilities, and commercial service providers.


“When we talk about homeland defense and integrated deterrence, it starts with relationships,” Park said. “Yes, we are generating plans and trying to procure much-needed cyber resources. But really, it’s the human element like strong partnerships and well-trained communities, even for regular civilian users at home and at work, that provide a strong front against any adversary.”

The goal is “to strengthen the defense of Guam and our nation,” Leon Guerrero said. “So we are moving very aggressively to put up all the organizational infrastructure and to continue working through close relationships and communications with our very strong allies and stakeholders.”

The weaknesses of Guam’s technological infrastructure are exacerbated by a shortfall in skilled cybersecurity professionals, Lujan said. “Our vulnerabilities necessitate robust workforce capability in countering the evolving threats posed by adversaries like Volt Typhoon,” he said. “The workforce shortage is a challenge. What we found over the last year or so is that building from the ground up is probably the best approach. Bringing people from outside actually can tend to be very, very competitive.”


He emphasized the urgent need to bridge the workforce shortage, which makes it imperative to invest in education, training and recruitment in the cybersecurity domain. “The cybersecurity landscape is in the state of perpetual transformation,” Lujan said. “To navigate this landscape effectively, we must remain agile, proactive, and equipped with the latest technologies and strategies. Our capacity to adapt and innovate will be the linchpin in our efforts to defend against emerging threats.”

Lujan also stressed the need for collaboration among stakeholders, particularly in the field of emergency management. “The integration of cybersecurity into emergency management stands as a cornerstone to safeguard critical infrastructure, information and systems that are essential for emergency response and recovery,” Lujan said. “Our collective strength lies in unified and coordinated efforts. In the face of cyber threats, a cohesive and harmonized approach becomes pivotal in responding to the recovery from incidents, and ensuring the resilience of our systems.”

Park said the key to building capacity is getting everyone trained and producing cyber expertise on Guam. “To do that, we have to work together to bring in resources and you’ll have that global permanent training cycle.”
